Friday, October 31, 2014

Legal consultants maintain that a great deal may be at stake for employers and benefit managers when data breaches occur in health care provider systems.

A health record is far more valuable than information stolen from a financial institution, according to Charles E. Harrell, partner at Duane Morris. “An electronic health record (EHR) would have enough information that you could create a false identity pretty quickly.”

"Employers have to be particularly mindful of the fact that people are out there trying to steal information." - Charles E. Harrell, partner, Duane Morris

For employers, which administer health care coverage, payroll and other benefit systems, Harrell says “there’s a lot that we have to do.” A 2013 survey by Employee Benefit Research Institute found 156 million people had employment-based health benefits.

“Employers have to be particularly mindful of the fact that people are out there trying to steal information," says Harrell. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Thursday, October 30, 2014

The parents of a boy who shot classmates at school have filed a lawsuit against the New Mexico hospital where he was treated claiming not enough was done to protect the privacy of their son's medical record.

The boy's medical record was inappropriately accessed by eight of the hospital staff. The parents are seeking compensatory and punitive damages from the hospital for "gross and reckless disregard of their son's rights.

"Eight staff members had "gross and reckless disregard of [his privacy] rights" when he was a patient at the hospital ." - News 4, Albuquerque

Wednesday, October 29, 2014

It appears the Federal Communication Commission (FCC) is taking a stand as data security cop. It has fined a telecommunications company and its affiliate $10 million for violating the privacy of phone customers' personally identifiable information (PII). The action is the FCC's first data security case and the largest privacy enforcement in the Commission’s history.

The Chief of the FCC's Enforcement Bureau said consumers trust their personal information will be protected and "when carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices."

"When carriers break [consumer] trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices." - Chief of the FCC’s Enforcement Bureau, Travis LeBlanc

The personally identifiable information she stole from a hospital database included patients' names, addresses, birth dates, and Social Security numbers.

"[She] accessed the [hospital] database...to steal patient identities, including names, dates of birth, and social security numbers, so that she could sell them." - U.S. Attorney’s Office, Southern District of Florida

Friday, October 24, 2014

Digital health investments in the first three quarters of 2014 reached $3 billion.

In the first half of this year investments had already exceeded those in 2013, according to a report by Rock Health. Analytics and big data were the top two among six business categories favored by investors. The most active investors this year, include Founders Fund, Khosla Ventures, Sequoia Capital, and Venrock, according to a report by StartUp Health.

"The top business types in tech health targeted by investors are analytics and big data." - Venture Beat

Thursday, October 23, 2014

The Federal Trade Commission (FTC) has named Ashkan Soltani its new CTO, reinforcing its focus on digital privacy issues.

Mr. Soltani is well known in digital privacy circles as an independent research consultant. He has a history with the FTC, having served there as staff technologist for the Division of Privacy and Identity Protection. Soltani is replacing Lantanya Sweeney who is returning to Harvard University.

"Naming Soltani CTO signals how seriously the FTC takes the issue of privacy and in particular digital privacy." - Marc Groman, NAI President and CEO

Tuesday, October 21, 2014

Two hospital employees breached Toronto Mayor Rob Ford's privacy by snooping in his medical records, according to the hospital where he was treated.

In Canada it is a Personal Health Information Protection Act offence to collect, use or disclose personal health information, said acting information and privacy commissioner of Ontario Brian Beamish. Any individual found guilty of the offence can be fined up to $50,000 and any organization, up to $250,000

The hospital reported that an audit discovered the breaches. While it is not uncommon to closely monitor access to VIP medical records monitoring of access to every patient is not as widespread. Healthcare organizations can monitor access to all patient records, by all staff, with low-cost on-demand SaaS analytics services.

Monday, October 20, 2014

An Ohio police chief pleaded guilty to misusing the Ohio Law Enforcement Gateway to obtain information on people for purposes unrelated to law enforcement. The online secure network shares criminal-justice data among law-enforcement agencies, and is supposed to be used only for official business.

He was sentenced to six months in prison, suspended to a year’s probation for unauthorized use of property. According to the Ohio attorney general, this former police chief can never again be a sworn officer in the state.

"The police chief...misused the Ohio Law Enforcement Gateway to obtain information on people for purposes unrelated to law enforcement." - The Columbus Dispatch

It is unclear how these breaches were discovered. Organizations seeking to proactively detect privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Friday, October 17, 2014

The hospital's data breach compromised personal patient information including names,
addresses, credit card numbers and Social Security numbers. The plantiffs' attorney attorney has said the hospital was "also slow to detect the breaches and take corrective acction."

"[The hospital] was also slow to detect the breaches and take corrective action." - Turner W. Branch, senior partner of the Branch Law Firm

Thursday, October 16, 2014

A Virginia School Board member leaked disciplinary files on at least 20 students to a vendor that provides mental health services.

Reportedly, some at the school were not aware that board members could access student records. The school district is conducting a full investigation of the breach and notifying parents of the students' involved.

"Student records are not public records...they contain not only education information but health information as well." - Bill Bosher, former school superintendent

The breach of confidential student information was discovered by a third party. Organizations seeking to proactively detect privacy data breaches, even by authorized users, can utilize low-cost on-demand SaaS analytics services.

Wednesday, October 15, 2014

The Department of Health and Human Services (HHS) has named Lucia Savage, Esq. as the new chief privacy officer of the Office of the National Coordinator for Health IT (ONC).

Ms. Savage currently is a senior associate general counsel at insurer United Healthcare. In her role at the ONC she will provide advice to HHS and ONC on developing privacy and security programs to carry out mandates in the HITECH Act. The post will also help set privacy and security programs as ONC moves into post-HITECH initiatives.

"Savage] brings to our team a set of rich experiences at the intersection of health information, privacy, and modernizing the health care delivery system." - Karen DeSalvo, ONC National Coordinator

"She has stellar qualifications and a passion for health IT. ... I am confident that she will bring her wealth of experience to advance critical privacy and security policies in health IT development and implementation," according to ONC head Karen DeSalvo.

Tuesday, October 14, 2014

A data privacy breach in August has a Tennessee based hospital chain facing a class action suit in New Mexico and six other states. "As a result of the defendants' failure to implement and follow basic security procedures, plaintiff's sensitive information is now in the hands of thieves,” according to the suit.

Monday, October 13, 2014

Childens' privacy breaches by an insider may have gone on longer than initially reported. It now seems that although the hospital knew there had been snooping by an employee for fourteen months it may have gone on for twenty months.

Why was the worker allowed to continue snooping through private records for months after the hospital became aware of the breach? The hospital said they “did take action” in the case, such as conducting additional audits that found more breaches.

" new figures suggest the [breaches of childrens' privacy] continued for much longer — 20 months — from January 2013 to August 2014." - Calgary Herald

Rather than take months to conduct detailed audits of which records staff accessed organizations can know within days with low-cost on-demand SaaS analytics services.

Friday, October 10, 2014

Five employees of a Manhattan department store have been accused of being part of an identity theft ring. The ringleader allegedly stole customer identities and then had her four accomplices purchase luxury goods that were then sold on the black market.

Local as well as federal authorities, including the Secret Service and Homeland Security, were involved in breaking up the ring.

"Sales associates bought $400,000 in designer products that were resold on the black market." - Manhattan District Attorney

It seems the department store learned of the identity thefts, which began in April, from a third party. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Monday, October 6, 2014

Nine people from Alabama and Georgia are accused of stealing IDs from the military hospital at Fort Benning. The patients' identities, as well as those from a state corrections facility, were used to file $20 million in fraudulent tax refunds.

U.S. District Judge Keith Watkins postponed the trial from Nov. 3 to April 13 at the joint request of the prosecution and defense.

"The nine...are accused of using 7,000 stolen IDs to file $20 million in fraudulent tax returns." - The Telegraph

it is unclear how the identity thefts were discovered. Organizations seeking to proactively detect identity thefts and breaches of data privacy can utilize low-cost on-demand SaaS analytics services.

Thursday, October 2, 2014

October 2014 marks the 11th Annual Cyber Security Month. Americans of all ages can take action to raise the level of our collective cybersecurity, and the Department of Homeland Security's "Stop.Think.Connect." campaign is empowering individuals to do their part.

Everyone should utilize secure passwords online and change them regularly. Internet users should take advantage of all available methods to protect their private accounts and information, and parents can teach their children not to share personal information over the Internet

"54% of Americans are extremely concerned about loss of personal or financial information.." - National Cyber Security Alliance survey

Wednesday, October 1, 2014

He unlawfully accessed police computer systems during a six month long dispute with his neighbor. The breach came to light when a complaint was filed with the Criminal Allegations Against the Police Division.

"A local police officer has been found to be in breach of the Data Protection Act after a dispute between neighbours.." - Ardrossan Herald

Rather than have a complaint filed, organizations can proactively detect privacy data breaches by utilizing low-cost on-demand SaaS analytics services.